NetScreen automates VPN policy management

For users, updated management software from NetScreen Technologies Inc. promises to automate tedious configuration tasks while reducing the possibility of human error in setting up VPN policies.

NetScreen’s Global Pro 3.0 software makes it possible for customers to designate firewall and VPN policies for NetScreen gear via option boxes displayed on the management console. Commands to implement these choices are then sent automatically to each affected device.

Other VPN vendors, such as SonicWall Inc. and Check Point Software Technologies Ltd., have simplified and automated their platforms to better manage large VPNs. Still others, such as Solsoft Inc., are writing similar software to manage equipment made by multiple vendors.

“Without this automation, if you have 10 sites and you add an 11th, you have to [reconfigure] each one. It takes on a life of its own,” says Martha Young, research director for Enterprise Management Associates Inc.

Automating policy changes means they take effect sooner, which can be critical if corporations shut down offices and need to revoke network access rights immediately to avoid security breaches by terminated employees, Young says.

Global Pro 3.0 software comes loaded on a Sun Netra server. When another NetScreen firewall/VPN gateway is added to a network, it can be assigned to a group that shares a policy profile. By virtue of that group assignment, Global Pro configures the gateway and then notifies its peers to accept it.

This saves time and requires less technical expertise, both of which mean savings, says Gregson Siu, CTO of Alliente Inc., a Colorado Springs company that procures business supplies for other businesses. The company manages between 20 and 30 NetScreen gateways with Global Pro.

While streamlining configuration, Global Pro 3.0 also can create custom views of monitored data, including information gathered about attempts to hack into a VPN. Global Pro filters alerts so that security administrators see alerts about potential attacks, while network administrators, who might want to see the status of VPN connections, get a view of their own.

NetScreen also has a stripped-down version of its management software called Global Pro Express. It manages up to 100 devices, while the full Global Pro version handles up to 10,000. The Express version lacks templates for reports and interfaces to other management platforms such as Hewlett-Packard Co.’s OpenView.

NetScreen has also made changes to the client software that runs on remote PCs that want to access a VPN. It now downloads users’ policies each time they log on and purges them when they log off. This makes the VPN more secure because policies are not stored on remote machines.

Global Pro Express costs US$6,000 vs. US$20,000 for the full version. They are available Nov. 26. The new client software will be available Jan. 15.

NetScreen can be reached at